iOS IPSec dial up VPN not getting DNS setting

maplesyrup · ‎07-29-2024

I am setting up an iOS IPSec VPN and followed everything in this guide
https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/311726/ios-device-as-dialup-...

So far I can access the local network but only via IPs. Hostnames does not work. Clients can ping the dns server but the client can't seem to get any resolution.

Is there a problem in this guide or lacking any steps? I tried to search other KB but seem to not work either.

amrit · ‎07-29-2024

Check if the port 53 (DNS) traffic is allowed . Also, take a packet capture on the incoming and outgoing interfaces of the firewall. You can run the following debugs

di de flow filter addr <src machine ip>

di de flow filter port 53

di de flow show function-name en

di de flow trace start 100

di de en

On a separate CLI run the following

di sniffer packer any 'host <dns ip> and port 53' 4 0 l

Initiate the DNS request and provide the output from the above debugs

To disable debugs

di de dis

Amritpal Singh

HiralShah · ‎07-29-2024

Hello @maplesyrup

Can you please check this document: make sure dns suffix is set on the ipsec phase1 configuration

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-DNS-resolution-over-IPsec-SSL-VPN/ta...

Hiral

iOS IPSec dial up VPN not getting DNS setting

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website